Pub. 11 2021-2022 Issue 3
September • October 2021

3. Prioritize Employee Education

A core component of most cyberattacks remains consistent: at some point, the attack encounters a human who allows the cybercriminal access to your system. Therefore, training your staff — especially at the highly targeted customer service level — should be paramount. Educating employees and providing them with social engineering training reduces the likelihood of those employees inadvertently aiding an attack. Ensure your employees are familiar with the signs of ransomware and know how to react when they encounter suspicious activity. With proper training, your bank’s staff will become a powerful line of defense in protecting against malicious attacks.

4. Leverage Industry Best Practices

Cybercriminals often use confusion and fear as their weapons of choice. Their methods are constantly evolving, designed to circumvent any new roadblock they encounter. Because of this, one of the best ways of fighting cybercrime is creating a unified community dedicated to a constant and open flow of information and articulation of best practices. Organizations such as FS-ISAC allow institutions and businesses across all industries to share best practices and insight in the hopes of achieving a unified front against cybercrime.

5. Assess Privilege Control

Allowing all your employees unlimited access to your customers’ secure data is an enormous liability. Ensure that only employees who need deep access into valuable customer files have it and only give administrative privileges to an appropriate few. Limiting these privileges to a smaller, more acutely trained pool of employees will decrease your bank’s overall risk. Additionally, consider requiring multi-factor authentication (MFA) to enhance protection. Using MFA requires multiple factors to verify a user’s identity, preventing a hacker from accessing accounts by obtaining or cracking a password.
Authenticating a user’s identity and protecting credentials using two or more pieces of evidence will further strengthen the resilience of your network.

6. Secure Your Entire Perimeter … Including the Cloud

Without tight perimeter security, your bank is basically leaving the front door wide open. It’s no longer optional to simply deploy firewalls and intrusion prevention systems. Financial institutions must go above and beyond typical security measures to keep their systems safe and should consider taking advantage of enterprise-grade security solutions. It’s important to understand that your perimeter extends beyond your physical perimeter. As more institutions prioritize cloud migration, ensure you approach cloud adoption with security considerations in mind. Having the proper security configurations and deploying the latest enhancements for your environment will maximize the benefits of the cloud. Further, monitoring your entire perimeter — including your cloud-based IT infrastructure — is critical.

7. Monitor Your Network

One of the biggest challenges community financial institutions face is monitoring for suspicious activity. Security systems and tools are critical, but neither takes the place of eyes on glass. One of the wisest investments you can make is partnering with a managed services provider (MSP) that offers around-the-clock assistance in monitoring suspicious activity. These same providers can assist with administrative functions — including system and software updates — and offer practical, actionable advice to make sure your bank is doing everything possible to prevent attacks.

Mitigate Your Bank’s Cybersecurity Risk

Cybersecurity is more than a technology issue; it is a business issue. Don’t leave your bank vulnerable to ransomware or other cyberattacks. By keeping a pulse on current and evolving threats, you can mitigate your cyber risk to keep your networks, data, and users safe. Gain additional insight on strategies to detect, prevent and manage cybersecurity threats by watching CSI’s on-demand webinar. https://www.csiweb.com/what-to-know/content-hub/odwebinars/cybersecurity-insight-keys-to-mitigating-cybersecurity-threats/?utm_source=association&utm_medium=article&utm_campaign=odw_fy22_07_cybersecurityinsight.

Sean Martin serves as a product manager for CSI Managed Services and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry and holds Cisco CCNA and CCIE written certifications.